Export limit exceeded: 363344 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47132 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-30987 1 Phpgurukul 1 Client Management System 2025-04-10 6.8 Medium
Cross Site Scripting vulnerability in /bwdates-reports-ds.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the fromdate and todate parameters.
CVE-2024-30988 1 Phpgurukul 1 Client Management System 2025-04-10 6.8 Medium
Cross Site Scripting vulnerability in /search-invoices.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via the Search bar.
CVE-2024-30989 1 Phpgurukul 1 Client Management System 2025-04-10 5.4 Medium
Cross Site Scripting vulnerability in /edit-client-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code via the "cname", "comname", "state" and "city" parameter.
CVE-2021-4302 1 Phpwcms 1 Phpwcms 2025-04-10 3.5 Low
A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.9.27 is able to address this issue. The patch is named b39db9c7ad3800f319195ff0e26a0981395b1c54. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217419.
CVE-2025-0272 1 Hcltechsw 2 Hcl Devops Deploy, Hcl Launch 2025-04-10 5.4 Medium
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
CVE-2015-10019 1 Mysimplifiedsql Project 1 Mysimplifiedsql 2025-04-10 3.5 Low
A vulnerability, which was classified as problematic, has been found in foxoverflow MySimplifiedSQL. This issue affects some unknown processing of the file MySimplifiedSQL_Examples.php. The manipulation of the argument FirstName/LastName leads to cross site scripting. The attack may be initiated remotely. The patch is named 3b7481c72786f88041b7c2d83bb4f219f77f1293. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217595.
CVE-2025-2196 1 Mrcms 1 Mrcms 2025-04-10 3.5 Low
A vulnerability was found in MRCMS 3.1.2. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /admin/file/upload.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-28983 1 Hitachi 1 Pentaho Business Analytics Server 2025-04-10 8.8 High
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.
CVE-2022-47523 1 Zohocorp 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro 2025-04-09 9.8 Critical
Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.
CVE-2022-45913 1 Zimbra 1 Collaboration 2025-04-09 6.1 Medium
An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via one of attributes in webmail URLs to execute arbitrary JavaScript code, leading to information disclosure.
CVE-2022-45911 1 Zimbra 1 Collaboration 2025-04-09 6.1 Medium
An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login page by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which means that even if the attacker executes arbitrary JavaScript, they will not get any sensitive information.
CVE-2022-44870 1 Maccms 1 Maccms 2025-04-09 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module.
CVE-2025-2194 1 Mrcms 1 Mrcms 2025-04-09 3.5 Low
A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects the function list of the file /admin/file/list.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-2195 1 Mrcms 1 Mrcms 2025-04-09 3.5 Low
A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is the function rename of the file /admin/file/rename.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument name/path leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-31108 1 Iflychat 1 Iflychat 2025-04-09 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iFlyChat Team iFlyChat – WordPress Chat iflychat allows Stored XSS.This issue affects iFlyChat – WordPress Chat: from n/a through 4.7.2.
CVE-2022-4695 1 Usememos 1 Memos 2025-04-09 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
CVE-2022-4694 1 Usememos 1 Memos 2025-04-09 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
CVE-2022-4692 1 Usememos 1 Memos 2025-04-09 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
CVE-2022-46769 1 Apache 1 Sling Cms 2025-04-09 5.4 Medium
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4
CVE-2015-10032 1 Healthmateweb Project 1 Healthmateweb 2025-04-09 3.5 Low
A vulnerability was found in HealthMateWeb. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file createaccount.php. The manipulation of the argument username/password/first_name/last_name/company/phone leads to cross site scripting. The attack can be launched remotely. The patch is named 472776c25b1046ecaf962c46fed7c713c72c28e3. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217663.